From: Peter van Dijk Date: Thu, 15 Apr 2021 12:21:44 +0000 (+0200) Subject: start off recursor FAQ with some talk about EDNS bufsizes X-Git-Tag: dnsdist-1.6.0-rc1~4^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbbc212d01fdd76bb6d602b922b9d9aa8b4fb9c3;p=thirdparty%2Fpdns.git start off recursor FAQ with some talk about EDNS bufsizes --- diff --git a/pdns/recursordist/docs/appendices/FAQ.rst b/pdns/recursordist/docs/appendices/FAQ.rst new file mode 100644 index 0000000000..b49ea41fdb --- /dev/null +++ b/pdns/recursordist/docs/appendices/FAQ.rst 
@@ -0,0 +1,44 @@ +Frequently Asked Questions +========================== + +This document lists categorized answers and questions with links to the relevant documentation. + +EDNS bufsize in response packets +-------------------------------- + +You may have spotted the 512 in something like the following (after ``EDNS ... udp:``):: + + $ dig example.com @9.9.9.9 + + ; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> example.com @9.9.9.9 + ;; global options: +cmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20155 + ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 + + ;; OPT PSEUDOSECTION: + ; EDNS: version: 0, flags:; udp: 512 + ;; QUESTION SECTION: + ;example.com. IN A + + ;; ANSWER SECTION: + example.com. 43200 IN A 93.184.216.34 + + ;; Query time: 86 msec + ;; SERVER: 9.9.9.9#53(9.9.9.9) + ;; WHEN: Thu Apr 15 13:56:34 CEST 2021 + ;; MSG SIZE rcvd: 56 + +and wonder 'why is the Recursor using a bufsize of 512? Did we not decide on a Flag Day, all together, that we would use 1232?' + +The EDNS buffer size in a DNS packet, generated by side A, tells the recipient of that packet (side B) the maximum packet size that side A will accept from side B. +So, when the Recursor talks to an Authoritative, the Recursor reports the buffer size the Authoritative is allowed to use to it - usually 1232 (:ref:`setting-edns-outgoing-bufsize`). +But the example above is the Recursor responding to a client, and it is telling the client 'from you, I accept packets of up to 512 bytes'. +Or, to say it differently, the Recursor is telling the client that *questions* must fit in 512 bytes. + +Similarly, the maximum size of a response from the Recursor to a client is governed by the buffer size reported by the client, and the :ref:`setting-udp-truncation-threshold` setting in the Recursor configuration. 
+ +To see the buffer size the Recursor is reporting to authoritatives, ask an authoritative:: + + $ dig txt header.lua.powerdns.org +short @9.9.9.9 + "id: 52938, aa: false, rd: false, ad: false, cd: false, do: true, ednsbufsiz: 1232, tcp: false"
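Review bot: The lead-in to the last example, "ask an authoritative::", does not match the command under it, which sends the query to the resolver at @9.9.9.9 and not to an authoritative server. A reader cannot tell from the text why the TXT answer shows the resolver's outgoing buffer size. Suggest rewording along the lines of "query, through the Recursor, a name whose authoritative server echoes back the properties of the query it received", and saying that the ednsbufsiz value in the answer is what the resolver sent upstream. Both examples also use 9.9.9.9 while the prose attributes the behaviour to "the Recursor"; either state that this resolver is being used as a stand-in or tell readers to substitute the address of their own Recursor. Finally, the "Flag Day" mention in the question paragraph has no link or explanation, so a pointer to where the 1232 value comes from would help readers who have not followed that discussion.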